NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
ReadyNAS RR4360S Diable weak ciphers and weak algorithms
Looking for best practice for disabling weak ssh ciphers and weak MAC algortihms. This system seems to be built off-standard from Debain OS feel. If the underlying OS can be updated, that info woul...
I think you must mean /etc/ssh/sshd_config.
I don't have that level of knowlege of Debian and SSH. But I can make this advice: don't just start trying it on your live RR4360. Try it on a "sandbox" system, a desktop NAS for just such experiments or even a VM -- something you can factory default without consequence if you mess up. You definately don't want to lock yourself out of that NAS by an editing mistake or trying something not supported.
See Setup-ReadyNAS-OS-on-VirtualBox for seting up a VM. Once set up with that outdated OS version, you can do normal OS updates to reach the same version as your production NAS. Once you have it running, you can make clones for experiments and just kill them if they implode. Or a legacy desktop system (maybe with a VGA port) converted to OS6 would also work well.
Reporting back anything you find out -- successful or unsuccessful -- would be appreciated by the community.
Will do. Thanks for the info. Once verified good or bad, will Kudos the solution.
Not sure which ciphers you want to remove. But there is a bug fix in 6.10.6 that is relevant:
- The cipher 3DES is removed from Apache-supported ciphers.
Weak and insecure ciphers really should imply all, 3DES yes, but also anything CBC should be removed/disabled.
Why does the ReadyNas OS not update the underlying OS? I have not found an answer to this in the past 8 months of looking...
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
